|
|
| (43 intermediate revisions by 2 users not shown) |
| Line 1: |
Line 1: |
| <!--
| | This page contains notes and information about rooting my Android phone, and using it as an internet proxy. |
| [[Rooting Android]]
| |
| -->
| |
|
| |
|
| This page has got some info on how I use my Android phone.
| | =Rooting an Android Evo= |
|
| |
|
| =Installing Android SDK=
| | Here is a really long but WORKING guide to [[Rooting Android Evo 4G]]. |
|
| |
|
| ==Mac OS X==
| | Note that this was written in July 2015. That's at least 3 years after any other guide you'll find. So, if you need a MODERN guide to rooting the HTC Evo 4G, this is it. There's a LOT of crud laying around. |
|
| |
|
| Download android-sdk_r10-mac_x86.zip from here: http://developer.android.com/sdk/index.html
| | =Don't Root Robots= |
|
| |
|
| Extract to wherever you want, I put it with the rest of my 3rd-party packages in <code>~/pkg</code>. It's a binary, so you can just extract the .zip file and put it anywhere.
| | Talk from 2011 going into greater detail about how various android exploits work: |
|
| |
|
| You'll want to add the location of a couple of utilities to your <code>$PATH</code>, by adding this to your <code>.profile</code> or whichever dot file you put your <code>$PATH</code> stuff into (or just by running these from your command line, if this is a one-time thing for you):
| | https://jon.oberheide.org/files/bsides11-dontrootrobots.pdf |
|
| |
|
| <source lang="bash">
| | =Meeting People= |
| export PATH="${HOME}/pkg/android-sdk-mac_x86/platform-tools:${PATH}"
| |
| export PATH="${HOME}/pkg/android-sdk-mac_x86/tools:${PATH}"
| |
| </source>
| |
|
| |
|
| You can test it worked right by running:
| | Following Josh in General, let's meet some people. |
|
| |
|
| <source>
| | ==WARNING== |
| $ which adb
| |
| /path/to/android-sdk-mac_x86/platform-tools/adb
| |
|
| |
|
| $ which android
| | WARNING: The following websites WILL package viruses with APKs, so DO NOT USE THEM. |
| /path/to/android-sdk-mac_x86/tools/android
| |
| </source>
| |
|
| |
|
| This doesn't come with all the things you'll need, so before doing anything else, run the "android" program, which will run the Android SDK Manager.
| | <s>http://apps.evozi.com/apk-downloader/</s> |
|
| |
|
| [[Image:MacDroid1.png|350px|caption=The Android SDK Manager GUI on Mac OS X.]]
| | <s>http://www.apkpure.com</s> |
|
| |
|
| [[Image:MacDroid2.png|350px|caption=Packages I have installed.]]
| | <s>http://apk-dl.com/</s> |
|
| |
|
| I recommend installing the following:
| | ==Android Apps== |
|
| |
|
| * SDK Platform Android (whatever the latest API is)
| | In order to meet people over wifi, we'll need to install some Android apps to passively listen to everything going on around. |
| * Android SDK Platform-tools
| |
| * Android SDK Tools
| |
|
| |
|
| Pick "Available packages" from the side bar and then collapse the various lists there. You'll find the above packages in the list.
| | [[Android/Sniff]] |
|
| |
|
| If you try and collapse the list and you see a "Failed to fetch URL (blah blah blah)", then pick "Settings" from the side bar and check "Force https://... sources to be fetched using http://...".
| | =Old Notes= |
|
| |
|
| [[Image:MacDroid3.png|350px]] | | See [[Android/Old Notes]] |
|
| |
|
| ==Windows==
| |
|
| |
|
| 1. Extract the HTC_Droid_Incredible_Root.zip file to a folder with the same name
| | http://haxf4rall.com/2014/10/21/how-to-hack-an-android-phone/ |
|
| |
|
| 2. Open the folder and launch HTCSync2.0.25.exe and complete the installation
| | =Flags= |
|
| |
|
| [[Image:Droidroot1.png|350px]] | | [[Category:Android]] |
| | |
| [[Image:Droidroot2.png|350px]]
| |
| | |
| 3. Copy the <code>sdk</code> directory into the root of the C drive, in <code>C:\sdk</code>
| |
| | |
| 4. Open <code>C:\sdk</code> and run <code>SDK Setup.exe</code>
| |
| | |
| [[Image:Droidroot3.png|350px]]
| |
| | |
| a) you may get an error about https, if you do then close the window with the error message and click "Settings" on the left-hand side, then check the box that says <code>Force https:// sources to be fetched using http://</code>)
| |
| | |
| b) you may also need to update the version of the Tools. Click on "Available Packages" on the left-hand side of the "Android SDK and AVD Manager" window, and then check the "Android SDK Tools" box, and then click "Install Selected".
| |
| | |
| [[Image:Droidroot4.png|350px]]
| |
| | |
| 5. Go back to the unzipped HTC Droid Incredible Root folder and open <code>command.txt</code>
| |
| | |
| 6. Open a Windows command prompt (Start > Run > "cmd")
| |
| | |
| 7. Change directory to <code>C:\sdk\tools</code> by running
| |
| | |
| <pre>
| |
| > cd\
| |
| > cd sdk
| |
| > cd tools
| |
| </pre>
| |
| | |
| [[Image:Droidroot5.png|350px]]
| |
| | |
| =Internet Tethering=
| |
| | |
| You can get internet tethering for free using a program called Proxoid (http://code.google.com/p/proxoid). It creates a proxy service, so that all internet requests from the computer are forwarded (via USB) to the phone, and the phone then forwards the request to The Interwebs.
| |
| | |
| This literally took me 30 seconds to set up. It's very, very simple if you've got the right tools.
| |
| | |
| 1. First, you'll want the Android SDK kit, because you'll use it to send instructions to the phone. See [[#Installing Android SDK]] above.
| |
| | |
| 2. Enable USB debugging on your phone: Settings > Application > Development > Enable USB Debugging
| |
| | |
| 3. Open the Proxoid application on your phone. I'll assume you're using port 8080, but change it to any port you want.
| |
| | |
| 4. Run this command to tell your phone to handle tcp traffic from your local computer to the Android phone:
| |
| | |
| <source lang="bash">
| |
| $ adb forward tcp:8080 tcp:8080
| |
| </source>
| |
| | |
| Now, when your computer sends requests via port 8080, your phone knows how to handle it correctly.
| |
| | |
| '''You will need to run this command every time you want to use Proxoid!'''
| |
| | |
| 5. Set proxy settings on your local machine so that IT knows to send requests via port 8080. See next section.
| |
| | |
| ==Setting Proxy Settings==
| |
| | |
| You can do this a couple of different ways:
| |
| | |
| ===Proxy Option 1: Browser Only===
| |
| | |
| Most modern browsers allow you to set proxy settings that are specific to the browser. I use (and recommend) Firefox, but other browsers will work too. First, pick Firefox > Settings > Advanced, and pick the "Network" tab:
| |
| | |
| [[Image:FirefoxSettings.png|350px]]
| |
| | |
| Click "Settings", and Firefox will allow you to configure proxy settings. You want to configure the proxy to be localhost and the port to be 8080:
| |
| | |
| [[Image:FirefoxSettingsProxy.png|350px]]
| |
| | |
| In normal-people speak, this tells your computer to route all internet requests through port 8080 of the local machine. Then, any requests to port 8080 are handled by the phone (well, by Proxoid) becuase of the "adb forward tcp:8080 tcp:8080" command you ran above.
| |
| | |
| ===Proxy Option 2: System-Wide===
| |
| | |
| Still working this one out.
| |
| | |
| ===Proxy Option 3: SSH Tunnels===
| |
| | |
| You can use a utility called [[Corkscrew]] available here: http://www.agroman.net/corkscrew/
| |
| | |
| Alternatively, you can use the ProxyTunnel utility available here: http://proxytunnel.sourceforge.net/
| |
| | |
| You can combine this tool with [[SSH#SSH_Tunnels|SSH tunnels]] to redirect traffic from any port through an SSH tunnel.
| |
| | |
| Following the Proxoid Linux users guide (http://code.google.com/p/proxoid/wiki/installationLinux), you can point SSH to the Corkscrew command by adding the following to <code>~/.ssh/config</code>:
| |
| | |
| <pre>
| |
| ProxyCommand /usr/local/bin/corkscrew localhost 8080 %h %p
| |
| ServerAliveInterval 10
| |
| </pre>
| |
| | |
| Note that this will work even when SSHing to non-standard ports. If you run "ssh -p 12345 user@host", then it will pass "host" to "%h", and "12345" to "%p".
| |
| | |
| The <code>ServerAliveInterval</code> is required, because otherwise SSH connections will be closed after around 30 seconds. This sends a "keepalive" packet to the server every 10 seconds.
| |
| | |
| <!--
| |
| | |
| ==Related Pages==
| |
| | |
| * [[Android Interfacing]]
| |
| | |
| -->
| |
| | |
| =Rooting=
| |
| | |
| I picked up an Android HTC Evo 4G for about $15, couldn't pass that up, so I wanted to figure out how to root it.
| |
| | |
| The summary of steps is as follows:
| |
| * Unlock bootloader on phone
| |
| * Download script to root phone
| |
| | |
| Yup, so here's the breakdown of those steps:
| |
| | |
| ==Unlock Bootloader==
| |
| | |
| You can start by getting an account and instructions at http://www.htcdev.com/bootloader/unlock-instructions. They'll provide some binaries that you'll need too.
| |
| | |
| ===Step 1: Turn off Fast Rebooting===
| |
| | |
| Step 1 is to turn off fast rebooting. This was in Settings > Applications > Fast Rebooting (uncheck it).
| |
| | |
| ===Step 2: Download Fastboot Binary===
| |
| | |
| Step 2 is to download the fastboot binary. See the HTC developers website for the binary - they provide it.
| |
| | |
| ===Step 3: Run Fastboot===
| |
| | |
| Step 3 is to run fastboot on your Mac. You'll tell it to listen for a device and get an identification token, basically a fingerprint for your device:
| |
| | |
| <pre>
| |
| ./fastboot-mac oem get_identifier_token
| |
| </pre>
| |
| | |
| This will sit and wait for a device until it finds one, then it'll print the ID token to the screen.
| |
| | |
| ===Step 4: Reboot into Boot Loader===
| |
| | |
| Step 4 is to reboot into the boot loader menu by turning off the phone, and then turning it on while holding down the "Volume Down" button.
| |
| | |
| Sequence: (Turn off phone.) (Hold down the Volume Down button.) (Power on the phone.)
| |
| | |
| You should now see a white android boot loader screen:
| |
| | |
| [[Image:AndroidRoot1.png|500px]]
| |
| | |
| If you use the power button to select "Fastboot USB", you should see a dump of information on the screen where you ran the fastboot command.
| |
| | |
| <pre>
| |
| <<<< Identifier Token Start >>>>
| |
| ED5D284CF59A7747615E7487CA511419
| |
| FDBAE245F8910567A34142D436E00153
| |
| ED5D284CF59A7747615E7487CA511419
| |
| FDBAE245F8910567A34142D436E00153
| |
| ED5D284CF59A7747615E7487CA511419
| |
| FDBAE245F8910567A34142D436E00153
| |
| ED5D284CF59A7747615E7487CA511419
| |
| FDBAE245F8910567A34142D436E00153
| |
| ED5D284CF59A7747615E7487CA511419
| |
| FDBAE245F8910567A34142D436E00153
| |
| <<<<< Identifier Token End >>>>>
| |
| </pre>
| |
| | |
| you'll copy and paste that whole block into the HTC developers website, and they'll email you a key that you use to unlock the phone and put firmware onto it.
| |
| | |
| ===Step 5: Using the Emailed Key===
| |
| | |
| When I checked my email after submitting my device token, I found a .bin file attached to the email. Download it. Now run the following to get an unlock token using this key:
| |
| | |
| <pre>
| |
| fastboot flash unlocktoken Unlock_code.bin
| |
| </pre>
| |
| | |
| You'll see a screen like this, confirming you want to unlock the bootloader and void your warranty:
| |
| | |
| [[Image:AndroidRoot3.png|500px]]
| |
| | |
| Use the Volume Up to pick yes, and Power to select it. The Android phone will restart, and go through a new account setup. This is a brand-new install, everything is wiped clean.
| |
| | |
| Oh yeah, did I mention you should back up your stuff?
| |
| | |
| ==Ready to Root==
| |
| | |
| Once you do all this, you'll finally be done... and ready to actually root the phone.
| |
| | |
| ==Rooting It==
| |
| | |
| Following [http://htcevohacks.com/htc-evo-4g-lte-root/how-to-root-htc-evo-4g-lte-unlock-bootloadertwrp-recovery/ the instructions here]
| |
| | |
| ===Step 1: Settings===
| |
| | |
| Since unlocking the bootloader reset the system, we lost all our settings. Sooo.....
| |
| | |
| First, disable fast boot again. Settings > Applications > Fast boot (uncheck it).
| |
| | |
| Second, enable USB debugging again. Settings > Applications > Development > USB debugging (check it).
| |
| | |
| Now we can restart into the boot loader menu again.
| |
| | |
| ===Step 2: Restart into Boot Loader===
| |
| | |
| Power down, then power on while holding the volume down button.
| |
| | |
| Use volume down to pick bootloader and the power button to pick it.
| |
| | |
| Get the phone to be in fastboot mode, and waiting for the computer to do something.
| |
| | |
| ===Step 3: Flash the Phone===
| |
| | |
| Now you'll use the fastboot binary and the image provided [http://onexroot.com/one-x-root/how-to-root-one-x/ here] to flash the phone, with this command:
| |
| | |
| <pre>
| |
| ./fastboot-mac flash recovery ./openrecovery-twrp-2.1.8-jewel.img
| |
| </pre>
| |
| | |
| The img file comes from the link above.
| |